Tag: security

In this article, you’ll learn more about how you can verify an email address without having to write to it with a test send or verification request. Sometimes, validating an address in your contacts list or customer records can be very beneficial.

When was the last time you used public Wi-Fi to work remotely? If you’re like 91% of recent survey respondents, you agree that public Wi-Fi is not secure. If you’re like 89% of the same respondents, you use it anyway.

When you’re on a site that requires you to create a password, more likely than not, you’re going to enter the same password you use for every site. Those websites might have the best security available, but if you aren’t diligent about your password, your email and private information are extremely vulnerable to hackers. What can you do about it? Check out these quick tips for a safer password.

As you all know, on April 7 the OpenSSL project issued an advisory (of which the NSA has apparently been aware for 2 years). We deployed the updated OpenSSL libraries on Tuesday at 7am EST and renewed all of our SSL certificates.

Don’t wait until you lose something. A hard drive can crash any time – even a solid state hard drive on your brand new MacBook Air (happened to a friend recently!). Just because you use IMAP and the email is held on your email server doesn’t mean you shouldn’t do backups. One would hope that your email service provider does backups too, but it is better to have control of your own life.

For example, at SaneBox we use Rsync, CrashPlan and SuperDuper. Remember to test whether your backups are really working by trying to recover something every 6 months or so. If you use SuperDuper, try booting off your SuperDuper drive. Tell us **your** favorite backup/disaster recovery solutions in the comments section, and we will aggregate that list and resend in a future Activity Report.

By design, we limit the information that is held on our servers. Your email never resides on our servers, except for the moment that we send your SaneReminders email back to you (and even then we try to measure in seconds the time that any one email is on our disks).

Also by design, SaneBox acts as a client so that if our service should be down for a minute or two (we shoot for 5 9's of uptime), your email will continue to be delivered to your Inbox. The only side effect of our being down would be that your unimportant email will linger in your Inbox, mocking you.

We approach security as 4 layers. Each layer, while as impervious as we can make it, is backstopped by the other layers.

Physical security – we co-locate with CDW in secure/hardened facilities in secure racks.

Network security – the service and database machines do not accept any connections from the public internet. A hacker would have to a) create a VPN connection to our private network, b) guess our SSH keys to a bastion host, c) figure out SSH keys to one of the service machines, and then d) get past the bank-quality encryption that secures the thing they are looking for.

Data security – your email is never resident on our servers (only metadata is), so the only thing of value to an outsider would be the email credentials that we use to access your email, which are bank-quality encrypted with a key that must be entered manually by a human. And at least in the case of Gmail, those credentials are only good for a SaneBox IP.

Trusted Personnel – Only the most vetted subset of our trusted employees even has access to that final encryption key. Think the top secret key that has to be turned to engage the nuclear weapon – that’s how we feel about this final secret.

Always remember that someone could look over your shoulder someday while you type your password. Or someone could get you to click on a phishing email and get you to enter your credentials into a phishing site. So you should always be as careful as SaneBox.

We spend time each month looking for ways to secure the system further. So assume SaneBox is like a castle with an ever deeper moat.